[
https://issues.apache.org/jira/browse/KAFKA-3665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15273900#comment-15273900
]
ASF GitHub Bot commented on KAFKA-3665:
---------------------------------------
GitHub user ijuma opened a pull request:
https://github.com/apache/kafka/pull/1330
KAFKA-3665; Default ssl.endpoint.identification.algorithm should be https
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ijuma/kafka
kafka-3665-ssl-endpoint-identification-https
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/1330.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1330
----
commit 8939bde7c99dcccd1e5d5496b64447d6e74507c0
Author: Ismael Juma <[email protected]>
Date: 2016-05-06T09:36:27Z
Default ssl.endpoint.identification.algorithm should be `https`
----
> Default ssl.endpoint.identification.algorithm should be https
> -------------------------------------------------------------
>
> Key: KAFKA-3665
> URL: https://issues.apache.org/jira/browse/KAFKA-3665
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.1
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Fix For: 0.10.0.0
>
>
> The default `ssl.endpoint.identification.algorithm` is `null` which is not a
> secure default (man in the middle attacks are possible).
> We should probably use `https` instead. A more conservative alternative would
> be to update the documentation instead of changing the default.
> A paper on the topic (thanks to Ryan Pridgeon for the reference):
> http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
